Summary of the invention
In view of the above deficiencies of the prior art, the object of the present invention is to provide an electronic authorization credential implementation method, an intelligent terminal, an authorization system and a verification terminal based on terminal storage. The method adds authentication information to the user's use of the identification information, improves the security of use, is convenient to use, and is particularly suited to application scenarios with strong security requirements or sensitive data.
To achieve the above object, the present invention adopts the following technical scheme:
An electronic authorization credential implementation method based on terminal storage, applied to an electronic management system comprising an intelligent terminal carrying a user identifier, an authorization system, a user management center and a verification terminal, wherein the implementation method comprises applying for authorization, and applying for authorization comprises the steps of:
the intelligent terminal carrying the user identifier receives and stores user identity data;
the intelligent terminal sends the user identity data to the authorization system to apply for an authorization credential;
the authorization system receives the user identity data;
the authorization system retrieves from the user management center the user public key data corresponding to the user identity data;
the authorization system generates and stores an authorization credential containing the user identity data and the user public key data;
the authorization system sends confirmation information for the authorization credential to the intelligent terminal by SMS;
the intelligent terminal receives the confirmation information for the authorization credential;
the verification terminal receives from the authorization system and stores the authorization credential containing the user identity data and the user public key data.
In the electronic authorization credential implementation method, the method further comprises using the authorization, which comprises the steps of:
the verification terminal sends a command to read the user identity data;
the intelligent terminal receives the command to read the stored user identity data and generates a random number;
the intelligent terminal sends the user identity data and the random number to the verification terminal;
the verification terminal looks up the corresponding authorization credential according to the user identity data;
the verification terminal encrypts the random number with the user public key data in the credential found, producing a first ciphertext used for authentication;
the verification terminal sends the first ciphertext and additional identification information to the intelligent terminal;
the intelligent terminal receives the first ciphertext and the additional identification information, decrypts the first ciphertext and checks the random number contained in it;
the intelligent terminal signs the additional identification information with its private key, producing a second ciphertext used for authentication;
the verification terminal receives the second ciphertext and verifies the signature;
when verification passes, the verification terminal executes the authorization and records the user's signature data for the authorization.
In the electronic authorization credential implementation method, the method further comprises cancelling the authorization, which comprises the steps of:
the intelligent terminal receives the user's request to cancel the authorization credential together with the user's private-key signature, and sends the cancellation request and the signature to the authorization system;
the authorization system receives the cancellation request and the user's private-key signature, and checks the signature;
the authorization system updates its local database;
the verification terminal updates its database;
after the cancellation is completed, the authorization system sends cancellation information for the authorization credential to the intelligent terminal.
In the electronic authorization credential implementation method, the additional identification information comprises the terminal date, the time and the terminal number, which form the data over which the user's signature is made.
An intelligent terminal, comprising:
a first receiving and storage unit, for receiving and storing user identity data and a public/private key pair;
a first sending unit, for sending the user identity data to the authorization system to apply for an authorization credential;
a first receiving unit, for receiving the confirmation information for the authorization credential;
a second receiving and storage unit, for receiving the command to read the user identity data and generating a random number;
a second sending unit, for sending the user identity data and the random number to the verification terminal;
a receiving and decryption unit, for receiving the first ciphertext and the additional identification information, decrypting the first ciphertext and checking the random number contained in it;
a second encryption unit, for signing the additional identification information with the private key to produce the second ciphertext used for authentication.
The intelligent terminal may further comprise a cancellation request unit, for receiving the user's request to cancel the authorization credential together with the user's private-key signature, and sending the cancellation request and the signature to the authorization system.
An authorization system, comprising:
a receiving and verification unit, for receiving and verifying user identity data;
a retrieval unit, for retrieving from the user management center the user public key data corresponding to the user identity data;
an authorization credential generation and storage unit, for generating and storing the authorization credential containing the user identity data and the user public key data;
an authorization information sending unit, for sending the confirmation information for the authorization credential to the intelligent terminal by SMS;
a cancellation execution unit, for receiving the cancellation request and the user's private-key signature sent by the intelligent terminal, checking the signature, cancelling the authorization credential and updating the local database in time.
A verification terminal, comprising:
an authorization credential receiving and storage unit, for receiving from the authorization system and storing the authorization credential containing the user identity data and the user public key data;
a read-identity sending unit, for sending the command to read the user identity data;
an authorization credential lookup unit, for looking up the corresponding authorization credential according to the user identity data;
a first encryption unit, for encrypting the random number with the user public key data in the credential found, producing the first ciphertext used for authentication;
a first ciphertext sending unit, for sending the first ciphertext and the additional identification information to the intelligent terminal;
a receiving and verification unit, for receiving the second ciphertext and verifying the user's signature data;
an authorization execution unit, for executing the authorization after verification passes and recording the user's signature data for the authorization.
The verification terminal may further comprise a cancellation data updating unit, for updating in time the authorization credential data of authorizations cancelled by users.
The electronic authorization credential implementation method, intelligent terminal, authorization system and verification terminal based on terminal storage provided by the present invention use public key cryptography to implement the electronic authorization credential. The credential carries the user's identity information, and the verification terminal verifies the user both by identity and by signature, which improves the security of use. The user can apply for an authorization credential by SMS, the credential is stored at the verification terminal, and the user uses the credential with a smart card identifying the user, or with an intelligent terminal (such as a mobile phone) with an embedded smart card, which is convenient.
Embodiment
The embodiment of the invention provides an electronic authorization credential implementation method, an intelligent terminal, an authorization system and a verification terminal based on terminal storage. Public key cryptography is used to implement the electronic authorization credential, the credential is stored at the verification terminal, and the user holds a smart card identifying the user, or an intelligent terminal (such as a mobile phone) with an embedded smart card, and uses the credential with it, which is convenient. The credential implementation method comprises applying for authorization, using the authorization, cancelling the authorization and so on. To make the object, technical scheme and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawings and embodiments.
The embodiment of the invention provides an electronic authorization credential implementation method based on terminal storage, applied to an electronic management system comprising an intelligent terminal carrying a user identifier, an authorization system, a user management center and a verification terminal. As shown in Figure 1, applying for authorization comprises the steps of:
101. The user obtains or purchases from the user management center a user smart card carrying user identity information, or has the smart card installed in an intelligent terminal (such as a mobile phone).
102. When the user wishes to apply for an authorization credential, the intelligent terminal sends the user identity data to the authorization system to apply for the credential.
103. The authorization system receives and verifies the user identity data and decides whether the conditions for granting authorization are met; if they are, step 104 is executed; otherwise step 108 is executed.
104. The authorization system retrieves from the user management center the user public key data corresponding to the user identity data.
105. The authorization system generates and stores an authorization credential containing the user identity data and the user public key data, and sends confirmation information for the credential to the intelligent terminal by SMS, notifying the user that the authorization succeeded.
106. The verification terminal receives from the authorization system and stores the authorization credential containing the user identity data and the user public key data; that is, the credential is downloaded to the verification terminal.
107. The intelligent terminal receives the confirmation information for the authorization credential (for example, a confirmation that the authorization application succeeded).
108. When the user's application does not meet the conditions for authorization, the corresponding failure handling is performed.
As shown in Figure 2, using the authorization comprises the steps of:
201. The verification terminal sends a command to read the user identity data to the user's intelligent terminal.
202. The intelligent terminal receives the command to read the stored user identity data and generates a random number.
203. The intelligent terminal sends the user identity data and the random number to the verification terminal.
204. The verification terminal looks up the corresponding authorization credential according to the user identity data; if a corresponding credential is found, step 205 is executed; otherwise step 210 is executed.
205. The verification terminal encrypts the random number with the user public key data in the credential found, producing a first ciphertext used for authentication, and sends the first ciphertext together with additional identification information, such as the terminal date, the time and the terminal number, to the intelligent terminal.
206. The intelligent terminal receives the first ciphertext and the additional identification information, decrypts the first ciphertext and checks the random number contained in it; if decryption succeeds and the random number is correct, step 207 is executed; otherwise step 210 is executed.
207. The intelligent terminal signs the additional identification information with its private key, producing a second ciphertext used for authentication, and sends the second ciphertext back to the verification terminal.
208. The verification terminal receives the second ciphertext and verifies the user's signature data with the user public key data in the credential, over the additional identification information it sent in step 205; if the verification is correct, step 209 is executed; otherwise step 210 is executed.
209. Verification having passed, the verification terminal executes the authorization and records the user's signature data for the authorization.
210. The corresponding failure handling is performed.
In a further embodiment, the electronic authorization credential implementation method based on terminal storage of the present invention further comprises cancelling the authorization when the user wishes to cancel it; cancelling the authorization comprises the steps of:
A. The user submits a request to cancel the authorization credential to the authorization center, the cancellation request being signed with the user's private key;
B. The authorization center checks the signature and, if it is correct, updates its local database and updates the data at the verification terminal;
C. The user is notified that the cancellation succeeded.
The electronic authorization credential implementation method based on terminal storage of the present invention is described in detail below with booking a film ticket as a preferred embodiment:
Step 1. The user selects "book film ticket" in the mobile wallet STK menu on the phone and chooses the cinema, date and film; the phone formats the selection, for example as "20090808F08", and sends it to the cinema by SMS.
Step 2. The cinema confirms that tickets are available and sends the ticket price and the user's mobile number to the mobile wallet center, which notifies the user to pay the ticket price.
Step 3. The user receives the payment notice and confirms the payment; once the payment at the mobile wallet center succeeds, the center notifies the cinema.
Step 4. On receiving the payment confirmation, the cinema requests the user's public key from the user management center, generates a film-ticket authorization credential identified by the user's mobile number and containing the user public key, date, hall, seat and similar information, and notifies the user by SMS that the booking succeeded.
Step 5. The film-ticket authorization credential is downloaded to the ticket-checking terminal of the designated hall.
Step 6. The user enters the cinema and presents the phone at the ticket-checking terminal; the terminal reads the mobile number and the random number, looks up the film-ticket credential corresponding to the mobile number, encrypts the random number with the public key in the credential, and sends it to the phone together with the terminal date, the time and the terminal number.
Step 7. After the phone has verified the random number, it signs the terminal date, the time and the terminal number with the private key and returns them to the terminal.
Step 8. The terminal verifies the signature; if it is correct, the authorization passes, the gate opens and the user enters the cinema.
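The three procedures above (applying for authorization, steps 101-108; using the authorization, steps 201-210; cancelling the authorization, steps A-C), instantiated on the film-ticket walk-through, as an added example that is not part of the patent text. The patent only says "public key cryptography", so the example assumes RSA-OAEP for the first ciphertext and RSA-PSS over SHA-256 for the user's signature; the type and function names, the sample mobile number, the terminal number, the date and time strings and the "cancel|" request format are all assumptions of this example. The credential stored at the terminal is a copy of the one in the authorization system's database, the user identity data is the mobile number, and the additional identification information is the terminal date, time and terminal number exactly as in step 205. The one check added beyond the text is that at step 208 the terminal verifies the signature over the identification information it itself sent, and discards that challenge after a single use.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Credential is the authorization credential of steps 105/106: identity data (the mobile
// number in the cinema example) plus the user public key from the user management centre.
// Revoked is set by the cancellation of steps A-C. All names here are assumptions.
type Credential struct {
	UserID  string
	PubKey  *rsa.PublicKey
	Revoked bool
}

// Challenge is the step 205 message: first ciphertext plus terminal date, time and number.
type Challenge struct {
	Cipher1              []byte
	Date, Time, Terminal string
}

// VerifyTerminal is the ticket-checking terminal. The authorization system's database and
// the terminal's downloaded copy are both plain map[string]*Credential in this example.
type VerifyTerminal struct {
	TerminalNo string
	creds      map[string]*Credential // credentials downloaded in step 106
	pending    map[string]*Challenge  // challenges this terminal actually sent
	Log        [][]byte               // user signature data recorded in step 209
}

func idInfo(c *Challenge) []byte { return []byte(c.Date + "|" + c.Time + "|" + c.Terminal) }

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Challenge (steps 204-205): find the credential, encrypt the phone's random number under
// its public key, attach date/time/terminal number, and remember exactly what was sent.
func (vt *VerifyTerminal) Challenge(userID string, nonce []byte, date, time string) (*Challenge, error) {
	c, ok := vt.creds[userID]
	if !ok || c.Revoked {
		return nil, errors.New("no valid credential (failure handling, step 210)")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, c.PubKey, nonce, nil)
	if err != nil {
		return nil, err
	}
	ch := &Challenge{Cipher1: ct, Date: date, Time: time, Terminal: vt.TerminalNo}
	vt.pending[userID] = ch
	return ch, nil
}

// Respond (steps 206-207, on the phone): decrypt with the private key, check the random
// number, then sign the identification information; the signature is the "second ciphertext".
func Respond(priv *rsa.PrivateKey, ch *Challenge, nonce []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ch.Cipher1, nil)
	if err != nil || !bytes.Equal(pt, nonce) {
		return nil, errors.New("random number check failed (failure handling, step 210)")
	}
	return sign(priv, idInfo(ch))
}

// Admit (steps 208-209): the signature must verify under the credential's public key over
// the identification information this terminal itself sent; each challenge is used once.
func (vt *VerifyTerminal) Admit(userID string, sig []byte) bool {
	c, ok := vt.creds[userID]
	ch, sent := vt.pending[userID]
	delete(vt.pending, userID)
	if !ok || !sent || c.Revoked || !verify(c.PubKey, idInfo(ch), sig) {
		return false
	}
	vt.Log = append(vt.Log, sig)
	return true
}

// Revoke (steps A-C, at the authorization system): check the user's signature on the
// cancellation request against the key on file, then update its database and the terminal's.
func Revoke(db map[string]*Credential, userID string, sig []byte, vt *VerifyTerminal) bool {
	c, ok := db[userID]
	if !ok || !verify(c.PubKey, []byte("cancel|"+userID), sig) {
		return false
	}
	c.Revoked = true
	delete(vt.creds, userID)
	return true
}

// RunScenario walks the cinema example and reports whether the gate opened before and
// after the user's signed cancellation.
func RunScenario() (before, after bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // key pair issued with the smart card (step 101)
	if err != nil {
		return
	}
	id := "13800138000" // constructed sample mobile number
	db := map[string]*Credential{id: {UserID: id, PubKey: &priv.PublicKey}} // steps 104-105
	gate := &VerifyTerminal{TerminalNo: "T08", pending: map[string]*Challenge{},
		creds: map[string]*Credential{id: {UserID: id, PubKey: &priv.PublicKey}}} // step 106
	present := func(t string) bool { // one gate check, steps 201-209
		nonce := make([]byte, 16)
		rand.Read(nonce) // step 202
		ch, e := gate.Challenge(id, nonce, "20090808", t)
		if e != nil {
			return false
		}
		sig, e := Respond(priv, ch, nonce)
		return e == nil && gate.Admit(id, sig)
	}
	before = present("19:55")
	cancel, _ := sign(priv, []byte("cancel|"+id)) // step A
	Revoke(db, id, cancel, gate)                   // step B
	after = present("19:56")
	return
}

func main() {
	before, after, err := RunScenario()
	fmt.Println("admitted:", before, "after cancellation:", after, "err:", err)
}
```

Running the file prints admitted: true, after cancellation: false. Keeping the challenge in `pending` and deleting it in `Admit` is what ties the second ciphertext to this terminal's own date, time and terminal number: a signature produced for one terminal's challenge is useless at another terminal, and cannot be presented twice at the same one.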
Based on the above method, the embodiment of the invention correspondingly provides an intelligent terminal which, as shown in Figure 3, comprises:
a first receiving and storage unit 301, for receiving and storing user identity data and a public/private key pair;
a first sending unit 302, for sending the user identity data to the authorization system to apply for an authorization credential;
a first receiving unit 303, for receiving the confirmation information for the authorization credential;
a second receiving and storage unit 304, for receiving the command to read the stored user identity data and generating a random number;
a second sending unit 305, for sending the user identity data and the random number to the verification terminal;
a receiving and decryption unit 306, for receiving the first ciphertext and the terminal date, time and terminal number, decrypting the first ciphertext and checking the random number contained in it;
a second encryption unit 307, for signing the terminal date, time and terminal number with the private key to produce the second ciphertext used for authentication, that signature being the user's signature data.
In a further embodiment, the intelligent terminal further comprises a cancellation request unit 308, for receiving the user's request to cancel the authorization credential together with the user's private-key signature, and sending the cancellation request and the signature to the authorization system.
Based on the above method, the embodiment of the invention also provides an authorization system which, as shown in Figure 4, comprises:
a receiving and verification unit 401, for receiving and verifying user identity data;
a retrieval unit 402, for retrieving from the user management center the user public key data corresponding to the user identity data;
an authorization credential generation and storage unit 403, for generating and storing the authorization credential containing the user identity data and the user public key data;
an authorization information sending unit 404, for sending the confirmation information for the authorization credential to the intelligent terminal by SMS;
a cancellation execution unit 405, for receiving the cancellation request and the user's private-key signature sent by the intelligent terminal, checking the signature, cancelling the authorization credential and updating the local database in time.
Based on the above method, the embodiment of the invention also provides a verification terminal which, as shown in Figure 5, comprises:
an authorization credential receiving and storage unit 501, for receiving from the authorization system and storing the authorization credential containing the user identity data and the user public key data;
a read-identity sending unit 502, for sending the command to read the user identity data;
an authorization credential lookup unit 503, for looking up the corresponding authorization credential according to the user identity data;
a first encryption unit 504, for encrypting the random number with the user public key data in the credential found, producing the first ciphertext used for authentication;
a first ciphertext sending unit 505, for sending the first ciphertext and the terminal date, time and terminal number to the intelligent terminal;
a receiving and verification unit 506, for receiving the second ciphertext and verifying the user's signature data;
an authorization execution unit 507, for executing the authorization after verification passes and recording the user's signature data for the authorization.
In a further embodiment, the verification terminal further comprises a cancellation data updating unit 508, for updating in time the authorization credential data of authorizations cancelled by users.
The electronic authorization credential implementation method, intelligent terminal, authorization system and verification terminal based on terminal storage provided by the present invention use public key cryptography to implement the electronic authorization credential. The credential carries the user's identity information, and the verification terminal verifies the user both by identity and by signature, which improves the security of use. The user can apply for an authorization credential by SMS, the credential is stored at the verification terminal, and the user uses the credential with a smart card identifying the user, or with an intelligent terminal (such as a mobile phone) with an embedded smart card, which is convenient.
It should be understood that those of ordinary skill in the art can make improvements or modifications according to the above description, and all such improvements and modifications fall within the scope of protection of the claims of the present invention.